Access control in wide distributed networks has to be separated into domains in order to make it easily scalable and manageable. The management system also has to be automated to reduce complexity. Role based access control allows to achieve this goal, however adding public key infrastructure to RBAC approach would expand system capabilities in many ways. One of them is ability to specify certificate—based policies, which allow to access system resources by users form un-trusted sources. Adding digital signature to policies increases system security. This paper describes communication protocol in certificate based access control system, based on XACML standard described in .
Financed by the National Centre for Research and Development under grant No. SP/I/1/77065/10 by the strategic scientific research and experimental development program:
SYNAT - “Interdisciplinary System for Interactive Scientific and Scientific-Technical Information”.